<?php
    @session_start();
    require_once 'shared-functions.php';
    require_once 'session.php';
    require_once 'masterpage.php';

    if(!IsValidSession())
    {
        header('Location: login.php?page=add-new-user');
        exit();
    } 
    else
    {
  	RefreshSession();
    }

	$user = GetCurrentUserAccessLevel();
	 //Check user access
    if($user != $DIRECTOR && $user != $ADMIN)
    {
        header('Location: login.php?page=add-new-user&error=To access to the add new user page, please log in as an director or admin&logout=1');
        exit();
    }
	
    $link = connect_db();
    
    masterpage("Add New User");
?>
    <table class="DataList">
        <form action="create-new-user-db.php" method="post">
        <tr><th class="header" colspan="2">Add New User</th></tr>
<?php 
	if(isset($_SESSION['login_error']))
	{
		echo "<tr><td align=\"center\" colspan=\"2\">" . $_SESSION['login_error'] ."</td></tr>";
		$_SESSION['login_error'] = "";
	}
?>
		<tr><td colspan='2' align='center'><font color="red">Marked fields are required</font></td></tr>
        <tr><td>First Name</td><td><input type="text" size="40" name="firstName" /><font color="red">*</font></tr>
        <tr><td>Middle Name</td><td><input type="text" size="40" name="middleName" /></tr>
        <tr><td>Last Name</td><td><input type="text" size="40" name="lastName" /><font color="red">*</font></tr>
        <tr><td>Email Address</td><td><input type="text" size="40" name="emailAddress" /></tr>
        <tr><td>User Name</td><td><input type="text" size="40" name="userName" /><font color="red">*</font></tr>
        <tr><td>Password</td><td><input type="password" size="40" name="password" /><font color="red">*</font></tr>
        <tr><td>Confirm Password</td><td><input type="password" size="40" name="confirmPassword" /><font color="red">*</font></tr>
        <tr><td>Role</td><td><select name="roles">
<?php
        $query = "SELECT `PrivilegeLevel`, `GroupName` FROM `Privilege` WHERE `GroupName`!='Student' ORDER BY `GroupName` ASC;";
        $result = mysql_query($query,$link);
        while($privilege=mysql_fetch_array($result,MYSQL_BOTH))
        {
            echo '<option value ="'.$privilege['PrivilegeLevel'].'">'.$privilege['GroupName'].'</option>';
        }
?>
        </select><font color="red">*</font></td></tr>
        <tr><td colspan="2"><input type="submit" value="Add" /></tr></tr>
        </table>
<?php
	endmasterpage();
?>

